Increasing Need for Public-Private Partnerships in Cyber

Amidst all the talk about Libya today, two U.S. combatant commanders took a moment to bring cyber warfare in to the spotlight, calling for increased public private partnership on cyber matters due to the fact that the vast majority of cyber operations occur outside of the DoD’s purview.

“What we’re seeing here is a threat that is evolving from the old nuisance hackers, the thirteen year old in the basement down the street” to sophisticated terror group and state-sponsored cyber war, said U.S. Strategic Command boss Gen. Robert Kehler during a Senate Armed Services Committee hearing today.

Defining the role played by the government, the Pentagon and private industry in responding to these attacks is “the issue that’s foremost on our plates these days,” said Kehler. This is especially important since cyber “is largely in the public domain,” he added.

At the heart of this issue is questions such as; how does the U.S. respond to a government-backed cyber attack against a private U.S. firm?

Until this is done, the Pentagon and federal government as a whole will not be able to respond to attacks “at network speed,” added Kehler, who as chief of STRATCOM is the nation’s top cyberwarfare officer.

“The next steps that we have to take is to have better situational awareness between the combatant commands and broader than that out into the public domain,’ said Kehler.

The government must also recruit the best minds in cyber and figure out “this balance between our constitutional protections and our need to act on behalf of the nation with the appropriate civil authorities in the lead.” In other words, how does the government monitor for malicious cyber activity while respecting U.S. citizen’s privacy rights?

What seems to be one definite trend here is an increasing partnership and information exchange and coordinate responses to cyber incidents between the government and private industry; from tech titans to the energy companies and banks that may be enticing targets in cyber warfare, said U.S. European Command chief and NATO commander Adm. Jim Stavridis during the same hearing.

“We have learned how to do joint operations, we are getting much better at interagency operations, I think a growth area in security is private-public and where those two things connect and cyber is probably the prime example of it,” said Stavridis.

Join the Conversation

Lets cut to the chase here. Cyber Command failed on Jan.14th. of this year, when Egypt threatened to shut down the Internet, a private company with $ billions in market value called the US government when their company’s servers were threatened and the answer they get is we will get back to you, first we need to talk to our lawyers.

The company took matters and international law into its own hands and through heroic efforts by employees and customers saved it self and in the process re-routed and hardened the web to keep any future events of this nature from happening, they did what the US government couldn’t or wouldn’t do.

What’s the problems. First off, and this is condensed from a statement by a ranking General Officer that has direct supervision over Cyber Command. We don’t have the qualified personal, we don’t understand the internet, we don’t understand social networking at all, and we lack the organizational ability and qualified knowledgeable supervision to run Cyber Command.

Next is Federal you can start with the “Posse Comitatus Act”. The military can’t legally act on the internet on sites that are not government, the courts have ruled.

Lastly private business. Quite frankly they would rather risk their data then to put it in any system that the Federal Government could enter. Its call the tax man cometh.

The only way to work a Cyber Command legally would be to make part of the National Guard, as the DoD has done with NORCOM.

You wrote: “The only way to work a Cyber Command legally would be to make part of the National Guard, as the DoD has done with NORCOM.”

Legal issues apart: But who exactly would benefit from having “soldiers” protect their data against Internet attacks, in terms of greater security? Soldiers get their software, their hardware and probably even most of their I.T. training ( = EVERYTHING ! ) from exactly the same CIVILIAN I.T. companies that presently supply all large civilian companies, too, including the big, civilian Internet providers — and the Russian and Czech Internet protection companies Kaspersky and ESET are even the best in that field — and you U.S. Americans (Norton, Panda, McAffee, Bit Defender, etc.) the worst!!! Basically that’s like telling pistol-armed “infantrymen” to carry out exactly the same functions as good old traditional cops: It’s nothing but a name game, or posturing.

Except of course — as you correctly hinted — if the TRUE purpose of this whole annoying “cyber-threat” charade (and therefore also of the resulting Cyber-Command) is to to try to give Big Brother total access to all our private data…

Once again: The only “legitimate” (and sensible) purpose of a military Cyber-Command is EXTERNAL , military offense (in times of war. Think of the “Israeli” malware injection that anesthesized the Syrian air defenses just ahead of their air raid on the secret Syrian reactor) , NOT “internal, civilian defense” !

But then again — since you U.S. Americans use your “anti-terroristic” “Echelon” network for civilian, business espionage on the rest of the World… (See if it worked for your Economy)

Good to see you around again ffb, and let me be the first here to congratulate you and the French people on the great job they are doing in Libya and especially the Aircraft Carrier Charles de Galle and the French Naval aircraft the Rafale F-3. Its to bad that the US F-22 couldn’t make an appearance like the three B-2 did, of course now we need 100 B-3’s so there showing was less for the mission then the PR of US defense contractors. But now at least we get to see the excuses for the no show being posted, its even funny over on this side of the pond ffb. The bottom line is the $250 million F-22 is just to expensive to risk against 50 year old Soviet fighters. The $30 million French F-3 will due just fine.

Regarding the US Cyber Command, as I’m sure you know currently its down, but here is a classic example of rushing into something the DoD didn’t know anything about, and legally has no place in. If we had to have a Cyber Command the Department of Homeland Defense was it logical parent organization. But the attraction of making more needless and useless Generals and Admirals is just to tempting for the Pentagon, and any useless theater command will do.

The problem with trying to deal with cyber protection the “criminals” are more then likely be a 15 year old kid bored to death and knows every computer game inside out and want to have a little fun the a nation state who’s experts are about as lame as the American militaries are. This 15 year old kid is the person who could create a real cyber defense, but is not likely to join the military and put up with the bull sh** of the command structure.

The problem outside of legal with cyber issues is the military just doesn’t have the expertise to keep up with the technology nor the command structure to operate in the unique environment that cyber issues present. As you suggest ffb what private business or group is going to trust their financial data to the US Federal Government for protection.

The solution is to take Cyber Command out of the DoD, and put it in the Department of Justice where there would be no legal issues and the rigidity of military rank and command wouldn’t apply to who does what and some of those 15 tears can put their boredom and skills to work as the did on Jan.14th. and 15th. True the financial community is not going to rush to turn its data over to the Government but at least an effective legal structure could be developed to enforce US law on cyber issues.

Private security firms are not the answer, to many greedy paws clawing at the same dollar and security with in the security group would be non existent.

You wrote: “The solution is to take Cyber Command out of the DoD, and put it in the Department of Justice where there would be no legal issues and the rigidity of military rank and command wouldn’t apply (…) ”

And all their activities would always have to be approved and monitored by independent, higher-ranking judges: Sounds SHOCKINGLY REASONABLE to me!

Almost like a mature, boring Democracy!

Since most of what shouldn’t happen on the Internet are “merely” crimes, not exactly “wars” (and sometimes a bit of foreign espionage, too), I wonder if the U.S. Police (the F.B.I. ?) couldn’t be promoted to exclusive warden of your country’s cyber security, too…?

At least here in Europe I don’t know a single country whose Armed Forces has some sort of “cyber warfare branch” (but our internal and external spy agencies certainly have an “I.T. Division” of their own — and these are rather loosely supervised, if you know what I mean), but many of our Polices’ criminal investigation teams certainly do have cyber experts, including cyber undercover cops (although their missions’ scopes are rather limited).

Why does there always have to be a military general at the top of every single executive service? I thought we were already past those ages…?

P.S. 1:
Don’t EVER congratulate me again for filthy djoow Sarkózy’s attack on a peaceful, Muslim country as part of his Zionistic agenda, or to promote our “Rafales” prior to (Brazil’s) Lula’s / Dilma’s Tour de France! (“Rafale” = yesterday’s technology)
Sarkózy’s grandmother should have been roasted in Auschwitz!
Right now I feel sooo ashamed of being French…

I sincerely apologize to for offending your politicaL sensibilities and I will endeavour in the future not to do it again. But I’m rather curious about you rational. It is well know that Gadhafi has been dealing with Israel fir years and in fact when he goes down Israel will have to take some serious write offs, also I noticed in a press release yesterday that Israel has problems wit any over throw of President Assad of Syria, I guess the reals are also economic.

On your PS 2 I can’t discount either option. I think you came up the reason that tomorrows technology the US F-22 didn’t make it to the party in Libya. Accidents and lucky shots do happen don’t they?

Settle back with a bottle of 07 and enjoy the ride its going to be long. Wait till Islam’s revolution enters China and is flanked by Tibet and Mongolia. We shall see how the PLA/PAP fight above 10,000 feet.